Issue #6443 has been updated by R.I. Pienaar.
I've updated 2 machines to the latest version and got bit by this bug,
additionally I saw notifies for resources that are only logging audit changes:
<pre>
Mar 1 08:55:57 monitor2 puppet-agent[9797]:
(/File[/etc/mcollective/policies/default.policy]/mode) audit change:
newly-recorded value 444
Mar 1 08:55:57 monitor2 puppet-agent[9797]:
(/File[/etc/mcollective/policies/default.policy]/type) audit change: previously
recorded value absent has bee
n changed to file
Mar 1 08:55:57 monitor2 puppet-agent[9797]:
(/File[/etc/mcollective/policies/default.policy]/owner) audit change:
newly-recorded value 0
Mar 1 08:55:57 monitor2 puppet-agent[9797]:
(/File[/etc/mcollective/policies/default.policy]/group) audit change:
newly-recorded value 0
Mar 1 08:55:57 monitor2 puppet-agent[9797]:
(/File[/etc/mcollective/policies/default.policy]/content) audit change:
newly-recorded value {md5}a6e2bd8b1af
51c376c44c9aeb7401a89
Mar 1 08:55:57 monitor2 puppet-agent[9797]:
(/File[/etc/mcollective/policies/default.policy]/ensure) audit change:
newly-recorded value file
</pre>
And then the resources get restarted:
<pre>
Mar 1 08:55:57 monitor2 puppet-agent[9797]:
(/Stage[main]/Mcollective::Config/File[/etc/mcollective/policies/]) Scheduling
refresh of Service[mcollective]
Mar 1 08:56:01 monitor2 puppet-agent[9797]:
(/Stage[main]/Mcollective::Service/Service[mcollective]) Triggered 'refresh'
from 13 events
</pre>
the resource in question:
<pre>
class mcollective::config {
file{"/etc/mcollective/policies/":
mode => 444,
purge => true,
force => true,
ignore => [".svn", ".git", ".gitignore"],
recurse => true,
ensure => directory,
notify => Class["mcollective::service"]
source => "puppet:///modules/mcollective/policies";
}
}
</pre>
I am working on the assumption that Audit events should never be treated as
notifies.
----------------------------------------
Bug #6443: auditing should not be enabled by default
https://projects.puppetlabs.com/issues/6443
Author: Dan Bode
Status: Needs design decision
Priority: Normal
Assignee: Nigel Kersten
Category:
Target version:
Affected Puppet version: 2.6.5
Keywords:
Branch:
on the second run of puppet agent, I get the following output.
it looks like puppet is automatically auditing its internal files.
I am pretty sure this is a 2.6.5 regression (although not 100% sure)
<pre>
info: Retrieving plugin
notice: /File[/var/lib/puppet/lib/puppet]/mode: audit change: previously
recorded value absent has been changed to 755
notice: /File[/var/lib/puppet/lib/puppet]/type: audit change: previously
recorded value absent has been changed to directory
notice: /File[/var/lib/puppet/lib/puppet]/owner: audit change:
previously recorded value absent has been changed to root
notice: /File[/var/lib/puppet/lib/puppet]/group: audit change:
previously recorded value absent has been changed to root
notice: /File[/var/lib/puppet/lib/puppet]/content: audit change:
previously recorded value absent has been changed to
notice: /File[/var/lib/puppet/lib/puppet]/ensure: audit change:
previously recorded value absent has been changed to directory
notice: /File[/var/lib/puppet/lib/puppet/parser]/mode: audit change:
previously recorded value absent has been changed to 755
notice: /File[/var/lib/puppet/lib/puppet/parser]/type: audit change:
previously recorded value absent has been changed to directory
notice: /File[/var/lib/puppet/lib/puppet/parser]/owner: audit change:
previously recorded value absent has been changed to root
notice: /File[/var/lib/puppet/lib/puppet/parser]/group: audit change:
previously recorded value absent has been changed to root
notice: /File[/var/lib/puppet/lib/puppet/parser]/content: audit change:
previously recorded value absent has been changed to
notice: /File[/var/lib/puppet/lib/puppet/parser]/ensure: audit change:
previously recorded value absent has been changed to directory
notice: /File[/var/lib/puppet/lib/puppet/parser/functions]/mode: audit
change: previously recorded value absent has been changed to 755
notice: /File[/var/lib/puppet/lib/puppet/parser/functions]/type: audit
change: previously recorded value absent has been changed to directory
notice: /File[/var/lib/puppet/lib/puppet/parser/functions]/owner: audit
change: previously recorded value absent has been changed to root
notice: /File[/var/lib/puppet/lib/puppet/parser/functions]/group: audit
change: previously recorded value absent has been changed to root
notice: /File[/var/lib/puppet/lib/puppet/parser/functions]/content:
audit change: previously recorded value absent has been changed to
notice: /File[/var/lib/puppet/lib/puppet/parser/functions]/ensure: audit
change: previously recorded value absent has been changed to directory
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/add_virtual_interfaces.rb]/mode:
audit change: previously recorded value absent has been changed to 644
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/add_virtual_interfaces.rb]/type:
audit change: previously recorded value absent has been changed to file
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/add_virtual_interfaces.rb]/owner:
audit change: previously recorded value absent has been changed to root
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/add_virtual_interfaces.rb]/group:
audit change: previously recorded value absent has been changed to root
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/add_virtual_interfaces.rb]/content:
audit change: previously recorded value absent has been changed to
{md5}4e112809243a1cdfb02bac84dd193471
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/add_virtual_interfaces.rb]/ensure:
audit change: previously recorded value absent has been changed to file
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/create_content_symlinks.rb]/mode:
audit change: previously recorded value absent has been changed to 644
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/create_content_symlinks.rb]/type:
audit change: previously recorded value absent has been changed to file
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/create_content_symlinks.rb]/owner:
audit change: previously recorded value absent has been changed to root
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/create_content_symlinks.rb]/group:
audit change: previously recorded value absent has been changed to root
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/create_content_symlinks.rb]/content:
audit change: previously recorded value absent has been changed to
{md5}5bb548475df14b1d487d89adb38afb4d
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/create_content_symlinks.rb]/ensure:
audit change: previously recorded value absent has been changed to file
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/finalize_virtual_interfaces.rb]/mode:
audit change: previously recorded value absent has been changed to 644
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/finalize_virtual_interfaces.rb]/type:
audit change: previously recorded value absent has been changed to file
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/finalize_virtual_interfaces.rb]/owner:
audit change: previously recorded value absent has been changed to root
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/finalize_virtual_interfaces.rb]/group:
audit change: previously recorded value absent has been changed to root
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/finalize_virtual_interfaces.rb]/content:
audit change: previously recorded value absent has been changed to
{md5}ec5df2f251ca425e5a8ef79255d71dcf
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/finalize_virtual_interfaces.rb]/ensure:
audit change: previously recorded value absent has been changed to file
</pre>
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
